Solved: DNAC to ISE Integration

M Talha · ‎08-30-2024

Hi All,

I am integrating DNAC with ISE for external authentication and has setup all the policy and TACACS AVPair for Super admin, Network Admin and Observer but still unable to login vi active directory user credentials. On DNAC under system 360 i can see external auth servers show green checks showing connected and active, but on the ISE node under PXGRID shows offline (XMPP). I tried removing pxgrid and adding it again from DNAC but still it shows same behavior as offline.

Regards,

Talha

Flavio Miranda · ‎08-30-2024

@M Talha

This video can be helpful for you.

https://www.youtube.com/watch?v=dKy9SYo0LvA

View solution in original post

Flavio Miranda · ‎08-30-2024

@M Talha

This video can be helpful for you.

https://www.youtube.com/watch?v=dKy9SYo0LvA

Ben Walters · ‎09-04-2024

When you try logging in what do the logs in ISE say? Are you getting a success in ISE but not being allowed to log in to DNAC?

I had a similar issue and I ended up having to create a new Authz profile specifically for DNAC, we have our main Authz profile that has several AVPair attributes that work for various devices but DNAC denied access when any other AVPair attributes were present in the Authz response.

our DNAC specific profile looks like this

Outside of that it is set up like any other network device we have.